AMENDMENTS TO THE CLAIMS

Upon entry of this amendment, the following listing of claims will replace all prior 
versions and listings of claims in the pending application. 

Please amend claims 1-6, 8, 10-14, 16-29 and 32 and cancel claim 31 as follows: 

1. (Currently Amended) A method for isolating access by application programs to native
resources provided by an operating system, the method comprising instructing a suitably 
programmed computer to perform the steps of: 

(a) redirecting to an isolation environment comprising a user isolation scope layer and an 
application isolation scope layer a request for a native resource provided by an operating system 
and stored in a memory element provided by a computer, the request made by a process
executing on behalf of a first user; 

(b) locating in the memory element an instance of the requested resource associated with 
a in the user isolation scope provided by the user isolation layer on behalf of a first user; and 

(c) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the user isolation scope.

2. (Currently Amended) The method of claim 1 wherein step (b) comprises failing to locate an 
instance of the requested native resource in associated with the user isolation scope.

3. (Currently Amended) The method of claim 2 wherein step (c) comprises redirecting the 
request to the application isolation layer scope.

4. (Currently Amended) The method of claim 3 further comprising the steps of: 

(d) locating in the memory element an instance of the requested native resource in the 
associated with an application isolation scope provided by the application isolation layer; and

(e) responding to the request for the native resource using the instance of the requested 
native resource located in the memory element and associated with the application isolation 
scope. 



Application No. 10/711,737
Docket No. CTX-105US

5. (Currently Amended) The method of claim 4 wherein step (e) comprises creating an instance 
of the requested native resource in associated with the user isolation scope that corresponds to 
the instance of the requested native resource located in associated with the application isolation 
scope and responding to the request for the native resource using the created instance of the 
requested native resource created in associated with the user isolation scope. 

6. (Currently Amended) The method of claim 4 wherein step (d) comprises failing to locate an 
instance of the requested native resource in the memory element and associated with the 
application isolation scope. 

7. (Previously presented) The method of claim 6 wherein step (e) comprises responding to the 
request for the native resource using a system-scoped native resource. 

8. (Currently Amended) The method of claim 6 wherein step (c) comprises: 

creating an instance of the requested native resource in associated with the user isolation 
scope that corresponds to the instance of the requested resource located in associated with a 
system scope and responding to the request for the native resource using the created instance of 
the resource created in associated with the user isolation scope. 

9. (Original) The method of claim 1 further comprising the step of hooking a request for a native 
resource made by a process executing on behalf of a first user. 

10. (Currently Amended) The method of claim 1 further comprising the step of intercepting a 
request for a native resource made by a process executing on behalf of a first user. 

11. (Currently Amended) The method of claim 1 further comprising the step of intercepting by a
file system filter driver a request for a file system native resource made by a process executing 
on behalf of a first user. 

12. (Currently Amended) The method of claim 1 wherein step (a) comprises redirecting to an 
isolation environment comprising a user isolation scope layer and an application isolation scope 
layer a request for a file stored in a memory element provided by a computer, the request made
by a process executing on behalf of a first user. 

13. (Currently Amended) The method of claim 1 wherein step (a) comprises redirecting to an 
isolation environment comprising a user isolation scope layer and an application isolation scope 
layer a request for a registry database entry stored in a memory element provided by a computer,
the request made by a process executing on behalf of a first user. 

14. (Currently Amended) The method of claim 1 further comprising the steps of: 

(d) redirecting to the isolation environment a request for the native resource made by a 
second process executing on behalf of a second user; 

(e) locating in the memory element an instance of the requested native resource in a
associated with a second user isolation scope provided by the user isolation layer on behalf of the
second user; and

(f) responding to the request for the native resource using the instance of the native 
resource located in the memory element and associated with the second user isolation scope.

15. (Original) The method of claim 14 wherein the process executes concurrently on behalf of a 
first user and a second user. 

16. (Currently Amended) The method of claim 14 wherein step (e) comprises failing to locate an 
instance of the requested native resource in associated with the second user isolation scope.

17. (Currently Amended) The method of claim 16 wherein step (f) comprises redirecting the 
request to the application isolation layer scope.

18. (Currently Amended) The method of claim 17 further comprising the steps of: 

(d) locating in the memory element an instance of the requested native resource in the 
associated with an application isolation scope provided by the application isolation layer on 
behalf of an application; and

(e) responding to the request for the native resource using the instance of the native
resource located in associated with the application isolation scope. 

19. (Currently Amended) The method of claim 1 further comprising the steps of: 

(d) redirecting to the isolation environment a request for a native resource made by a 
second process executing on behalf of a first user; 

(e) locating in the memory element an instance of the requested native resource in 
associated with the user isolation scope; and 

(f) responding to the request for the native resource using the instance of the resource 
located in associated with the user isolation scope. 

20. (Currently Amended) The method of claim 19 wherein step (e) comprises failing to locate an 
instance of the requested native resource in associated with the user isolation scope. 

21. (Currently Amended) The method of claim 20 wherein step (f) comprises redirecting the 
request to locate an instance of the native resource associated with a second application isolation 
scope provided by the application isolation layer on behalf of a second application.

22. (Currently Amended) The method of claim 21 further comprising the steps of: 

([[d]]g) locating an instance of the requested native resource in associated with the 
second application isolation scope; and 

([[e]]h) responding to the request for the native resource using the instance of the native 
resource located in associated with the second application isolation scope. 

23. (Currently Amended) An isolation environment apparatus for isolating access by application 
programs to native resources provided by an operating system, the isolation environment 
apparatus comprising:

computer-readable program means for a user isolation scope storing associating an 
instance of a native resource provided by an operating system with a user isolation scope 
provided by an isolation environment comprising an application isolation layer and a user 
isolation layer, the user isolation scope corresponding to a user; and

computer-readable program means for a redirector intercepting a request for the a native
resource made by a process executing on behalf of the user and redirecting the request to the
instance of the resource associated with the user isolation scope.

24. (Currently Amended) The apparatus of claim 23 wherein the further comprising
computer-readable program means for associating an instance of a native resource with isolation
environment further comprises an application isolation scope provided by the isolation
environment, the application isolation scope corresponding to an application storing an instance
of the native resource.

25. (Currently Amended) The apparatus of claim 24 wherein the computer-readable program 
means for associating an instance of a native resource with an application isolation scope 
isolation environment further comprises means for associating an instance of the native resource 
with a second application isolation scope, the second isolation scope corresponding to a second
application storing an instance of the native resource.

26. (Currently Amended) The apparatus of claim 23 wherein the computer-readable program 
means for intercepting a request redirector returns a handle to the requesting process that 
identifies the native resource. 

27. (Currently Amended) The apparatus of claim 23 further comprising computer-readable 
program means for a rules engine specifying behavior for the computer-readable program means
for intercepting a request redirector when redirecting the request.

28. (Currently Amended) The apparatus of claim 23 wherein the computer-readable program 
means for intercepting a request redirector comprises a file system filter driver. 

29. (Currently Amended) The apparatus of claim 23 wherein the computer-readable program 
means for intercepting a request redirector comprises a function hooking mechanism.

30. (Previously presented) The apparatus of claim 29 wherein the function hooking mechanism 
intercepts an operation selected from the group of file system operations, registry operations,
operating system services, packing and installation services, named object operations, window 
operations, file-type association operations and Component Object Model (COM) server 
operations. 

31. (Canceled) 

32. (Currently Amended) The apparatus of claim 23 wherein the computer-readable program 
means for associating an instance of a native resource with a user isolation scope application 
isolation environment further comprises means for associating an instance of the native resource 
with a second user isolation scope storing an instance of the native resource, the second user
isolation scope corresponding to a second user. 